Pre-alpha · Building in the open

Your data. Your Hub.
Sovereign by design,
federated by default.

For governments, startups, third sector, investors, and individuals. Same codebase. Different Hubs. One federated network.

01 — Hub
A sovereign node. Own database, own keys, own audit log.

Every Hub is a self-contained installation with its own cryptographic identity. Same codebase whether you're a ministry, a startup, or a citizen.

02 — Federation
Hubs talk to Hubs. Raw data never leaves origin.

The Hub Federation Protocol exchanges verified credentials and anonymised aggregates — never raw PII. Permission grants are explicit, auditable, and revocable.

03 — Agents
AI agents are first-class actors, not bolt-ons.

Every Hub speaks MCP today, with A2A, ACP, UCP, and AP2 landing as the agentic stack matures. Agents act under the same permission model as humans.

Who it's for

One platform. Different module collections. Every actor in the digital economy.

A Hub is what a WordPress site is to the web — a sovereign installation that becomes whatever its modules make it. Pick the door that fits.

Government

For ministries, agencies, and statutory bodies.

Cross-agency federation without data leaving the ministry. Compliance built in (PDPA, MyGovEA-aligned). Audit-immutable by default.

Phase 1 · Government Hub modules

Startup & 3rd sector

For founders, NGOs, and ecosystem builders.

Stop re-entering the same data into twelve portals. Submit verified credentials to programmes. Run your own ops without surrendering your dataset.

Phase 2 · Startup Hub modules

Investor

For VCs, family offices, and capital allocators.

Portfolio Hubs share metrics with you, not raw books. Federated diligence. Reporting that doesn't require a quarterly spreadsheet ritual.

Phase 2 · Investor Hub modules

Individual

For citizens with a personal digital workspace.

A private Hub for your credentials, documents, and life-event flows. Sign in once. Prove what you need to prove. Hold the originals yourself.

Phase 3 · Individual Hub modules

How it works

Privacy is an architectural constraint, not a feature.

Most platforms add privacy after the data has already been centralised. OmniHub never centralises it in the first place. Every Hub holds its own data; every cross-Hub exchange is mediated by the Hub Federation Protocol.

  1. Each Hub publishes a signed identity document.

     A standard HFP-ID at /.well-known/omnihub-hub declares the Hub's DID, public key, and supported protocols.

  2. Permission is requested, not assumed.

     Before any data crosses, the requesting Hub declares purpose, retention, and the agent (if any) initiating the exchange. The receiving operator grants or denies.

  3. Responses are credentials and aggregates — not records.

     Hubs answer with verified yes/no attestations, differentially-private aggregates, or tokenised datasets. The raw rows stay home.

  4. Every exchange writes to an immutable audit log.

     A Postgres trigger rejects mutations. Both Hubs hold a hash-chained record. Operators can prove what happened — and what didn't.
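
An added sketch of the hash-chained record from step 4, not OmniHub's own code: the entry layout, SHA-256, canonical JSON encoding and genesis value are assumptions, because the page does not specify the format. It shows why both Hubs keep a copy: a local chain that has been rewritten end to end still verifies on its own, but diverges from the peer's record.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash for the first entry


def entry_hash(prev_hash, payload):
    """SHA-256 over the previous hash plus a canonical JSON encoding of the payload."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def append(log, payload):
    """Append an entry linked to the current tail and return it."""
    prev = log[-1]["hash"] if log else GENESIS
    entry = {"prev_hash": prev, "payload": payload, "hash": entry_hash(prev, payload)}
    log.append(entry)
    return entry


def first_broken_index(log):
    """Index of the first entry whose link or hash fails, or None if the chain is intact."""
    prev = GENESIS
    for i, entry in enumerate(log):
        if entry["prev_hash"] != prev or entry["hash"] != entry_hash(prev, entry["payload"]):
            return i
        prev = entry["hash"]
    return None


def first_divergence(log_a, log_b):
    """First index where two Hubs' copies of the record disagree, or None if identical."""
    for i, (a, b) in enumerate(zip(log_a, log_b)):
        if a["hash"] != b["hash"]:
            return i
    # Equal prefix: a shorter copy means entries were dropped from one side.
    return None if len(log_a) == len(log_b) else min(len(log_a), len(log_b))


# Constructed sample exchanges (hypothetical field names, not real OmniHub records).
SAMPLE = [
    {"seq": 1, "action": "permission.requested", "purpose": "grant-eligibility", "retention_days": 30},
    {"seq": 2, "action": "permission.granted", "operator": "hub-b-admin"},
    {"seq": 3, "action": "attestation.returned", "result": "yes"},
]
```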

Status

Pre-alpha. Building in the open. Honest about what ships today.

OmniHub is an active, AGPL-licensed build. We'd rather show you the roadmap than the marketing brochure.

Shipping today
  • Chassis: install wizard, multi-tenancy, auth + TOTP MFA, RBAC, immutable audit log, module loader.
  • ERM module — HR, leave, budgets, expenditures.
  • CMS module — documents, workflows, dynamic forms.
  • LMS module — courses, enrolments, assessments, certificates.
  • MCP server — 21 tools across ERM/CMS/LMS, JSON-RPC 2.0.
  • Hub identity, HFP-ID document, Federation Mode A & B.
  • VE-RAGLLM Python AI microservice (early).

On the roadmap
  • Full agentic stack — A2A, ACP, UCP, AP2.
  • Differential privacy + non-identifiable data lake.
  • Module marketplace with signed packages.
  • Enterprise auth — SAML, OIDC, WebAuthn, GPKI.
  • Themes & white-labelling (Enterprise Edition).
  • Production deploy — Helm, Terraform, Vault.
  • Individual Hub — document vault, credential wallet, life-event flows.

01
Sovereignty first.

Every Hub operator owns their data absolutely.

02
Privacy by architecture.

PII never crosses Hub boundaries in raw form.

03
Open by default.

Community Edition is AGPL-3.0, forever.

04
Agentic by design.

AI agents are first-class actors, not bolt-ons.

Deploy your Hub

One command. Your own sovereign node.

OmniHub is designed to be deployable anywhere Docker runs. No mandatory cloud, no phone-home, no telemetry you didn't opt in to.

# Bring up the dev stack
$ git clone https://gitlab.com/hexa-partners/OmniHub
$ cd OmniHub && ./scripts/dev-setup.sh
$ docker compose up -d
$ docker compose exec api \
    php artisan omnihub:install